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(57) Abstract 



An IC information card includes a programmed microp- 
rocessor and a nonvolatile read/write memory (EPROM) em- 
bedded in a plastic card. Terminal contacts on the face of the ic card 
card enable interfacing with a reader/writer coupled to a host 
computer, such as an IBM-XT. The data storage portion of the 
memory in the card is segmentable into one or more data zones, 
each requiring either no access code or one or more access 
codes to be entered in the card in order to access (read and/or 
write) that zone. Segmentation of the card memory and the as- 
signment of required access codes is achieved by writing a zone 
definition table and one or more access codes into the card 
memory using a special access code that is fixed in the microp- 
rocessor program. The access codes for the data zones are thus 
stored on the card and the programmed microprocessor in the 
card compares incoming codes to the stored codes to determine 
whether access to a particular data zone is permissible. The 
access codes for the data zones of the card memory are advanta- 
geously stored in a control card, which is interfaced to a two- 
card reader/writer together with the card to be accessed. In this 
manner, the required access codes are transferred from the con- 
trol card to the information card when access of a data zone 
therein is required, and the access codes stored in the control card need not become known to any individual. The card is 
locked upon failure to receive a proper access code a predetermined number of times in succession, but can be unlocked 
up to a certain number of times by providing an unlocking code in combination with prespecified access codes. An initial- 
izer system initializes the cards by writing a zone definition table and one or more access codes in the card memory and by 
reading a file identification code prewritten on a magnetic stripe of the card. The file identification code is used to locate a 
corresponding data file in a mass storage device associated with the computer. The data in the corresponding data file are 
then written into appropriate data zones of the memory of the card. 
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Description 
IC Card System 

Technical Field 

A microfiche appendix containing 145 frames on 
5 2 cards is included in the specification and is 
hereafter referred to as Appendix I. 
Background of the Invention 

The present invention relates to an integrated 
circuit (IC) information card system using a card 

10 having an integrated circuit chip or chips including a 
programmable processor and a nonvolatile read/write 
memory for storing data and access codes needed to 
access the data. 

Various types of information cards have been 

15 developed which include storage media for storing 

information identifying the user of the card and other 
information. One such card is the ordinary plastic 
credit card or identification card which has embossed 
lettering on the card to indicate the identity of the 

20 holder, an identification or account number and 

possibly other information. In addition, the ordinary 
plastic credit or identification card has on its 
backside a magnetic stripe for magnetically storing 
data. The data stored on the magnetic strip typically 

25 verifies the embossed information on the front of the 
card and includes additional information. Such 
magnetic stripe plastic cards , while inexpensive to 
manufacture and issue, provide relatively little 
security against unauthorized or fraudulent access 

30 to the information stored on the exposed magnetic 

stripe, since such information can be easily read or 
altered using commonly available equipment. 
Furthermore, the recorded data on the magnetic stripe 
may be distorted or destroyed by dirt, scratches or 

35 contact of the magnetic stripe with magnetic materials 
. Moreover, the capacity of such a magnetic stripe 
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plastic card is limited to about 0.5K bits to 1.7K 
bits, or about 70 to 200 alphanumeric characters. 

Another type of card, known as the laser card, is 
similar to the magnetic-stripe plastic card but 
5 replaces the magnetic stripe with a stripe of 

reflective material. Information is stored in the 
laser card by burning microscopic holes in the surface 
of the reflective stripe with a focused, low-power 
laser. Although the laser card is capable of very 

10 high data storage capacities of up to 1 million bits, 
it also does not provide adequate protection against 
unauthorized access to the data stored in the exposed 
reflective stripe, which can be easily read or written 
using the proper equipment. 

15 Yet another type of information card incorporates 

integrated circuit memory of either the read only and 
the write/read variety. Such a memory card typically 
has multiple electrical contacts located at one or 
more edges of the card or on a face of the card to 

20 permit electrical access to the address, data and any 
control terminals of the memory in the card. However, 
such memory cards generally provide relatively little 
or no protection against unauthorized access to the 
data stored in the card, since the contents of the 

25 card memory can, in most cases, be easily read out or 
added to with the proper equipment. Further, some 
memory cards use volatile memory requiring a costly, 
built-in, power source in the card to prevent loss of 
the data stored in the card memory. The foregoing 

30 deficiencies of memory cards have essentially limited 
their use. 

Still another type of information card, known as 
the wired-logic card, incorporates an integrated 
hard-wired logic circuit together with nonvolatile 
35 integrated circuit memory to provide improved security 
for the data stored in the memory. In such a card, 
access to the memory may be entirely under the control 
of the hard-wired logic circuit, which may require the 
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entry of a secret code or key before access to the 
memory is permitted. Owing to the limited processing 
capability of the hard-wired logic circuit, the 
wired-logic cards have been limited to relatively 
5 simple applications, such as for telephone payments 
and records. 

The latest generation of information cards, which 
are commonly referred to as "intelligent" or "smart" 
cards, includes a programmable integrated circuit 

10 processor together with nonvolatile integrated circuit 
memory within the card. Since the programmable 
processor provides greatly expanded processing 
capabilities, the card may incorporate a sophisticated 
security system to prevent unauthorized or fraudulent 

15 access to some or all of the data stored in the card 
memory. 

One such security system is disclosed and claimed 
in U.S. Patent No. 4,211,919 to Michael Ugon, which 
issued on July 8, 1980. In that security system, the 

20 card memory is segmented into three particular zones, 
namely: a secret zone in which reading and writing 
operations are permitted only by the internal 
processor of the card; a working zone in which reading 
and writing operations are permitted directly by an 

25 external card reader/writer device; and a read zone in 
which only reading operations are permitted directly 
by the card reader/writer device. The secret zone of 
the card memory includes at least one key or code 
which is compared to a key received, from a card 

30 reader/writer device to determine whether a particular 
access operation to the working zone is authorized. 

The above-described card security system has the 
problem in that data segments of the working zone may 
be defined only in the application program of the host 

35 computer of the card system, therefore adding to the 
complexity of such an application program. 
Furthermore, all data in the working zone have only a 
single security level for reading and writing 
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operations, respectively, i.e., with the entry of the 
proper key or combination of keys the entire working 
zone may be read or written. 

In many applications for information cards, it is 
5 desirable to have the flexibility of being able to 
define the data zones of the card memory within the 
card itself and of being able to assign different 
security levels for reading or writing operations in 
the various data zones to suit the particular 

10 application. For example, in a health care applica- 
tion where the card is used to store data concerning a 
health care recipient, it would be appropriate to 
restrict access to certain categories of data only to 
particular classifications of health care personnel 

15 {e.g., doctors, pharmacists, etc.) and to similarly 

restrict the authority to add or alter the data in the 
card memory. Therefore, it is desirable to store the 
yarious categories of data concerning the health care 
recipient in different zones of the card memory as 

20 defined within the card and to assign an appropriate 
access security level, based on one or more access 
keys, for reading and writing operations to each data 
zone • 

Accordingly, a need clearly exists for an IC card 
25 structure and method in which the card memory may be 
segmented into a desired number of data zones after 
this card is manufactured and in which each data zone 
of the card memory may be assigned a respective 
security level, based on one or more access keys, for 
30 reading or writing operations in that zone. A system 
using an IC card and method may advantageously include 
provisions for preventing the dissemination of 
knowledge of the access keys or combinations of such 
keys which define the security levels for the data 
35 zones of the card memory and for initializing the 
cards (i.e., defining the data zones of the card 
memory, assigning respective security levels to each 
data zone and loading the proper data into the various 
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data zones card of the care memory) for each applica- 
tion on a mass production basis. 
Summary of the Invention 

In accordance with the present invention, an IC 
5 information card, systems for using and initializing 
such cards and methods for segmenting the card memory 
and for preventing the dissemination of knowledge of 
access codes are provided which overcome or at least 
mitigate the limitations and problems of the prior art 

10 as described above. 

The IC information card in accordance with the 
present invention comprises input/output means in the 
card for receiving at least data, commands and 
keycodes and for providing at least data. In 

15 addition, the card includes nonvolatile read/write 

memory means within the card, the memory means having 
a multiplicity of addressable bit storage locations. 
Furthermore, the card includes first means within the 
card responsive to a first command, zone definition 

20 data and an entered keycode received by the 

input/output means for comparing the entered keycode 
with a first keycode stored in the card and for writ- 
ing the zone definition data in a first region of the 
memory means only if the received keycode matches the 

25 first keycode, the zone definition data comprising one 
or more zone definition words each corresponding to a 
respective data zone in a second region of the memory 
means, each zone definition word specifying at least 
the starting address of the corresponding data zone 

30 and the size of the corresponding data zone. 

Security levels may be specified for each of the 
data zones by providing the card with second means 
responsive to a second command, keycode data 
comprising one or more additional keycodes and an 

35 entered keycode received by the input/output means for 
comparing the entered keycode with the first keycode 
and for writing the additional keycodes in a third 
region of the memory means only if the entered keycode 
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matches the first keycode, and having each zone 
definition word further specify either no keycode or 
one or more of the first keycode and the additional 
keycode or keycodes as being required to be received 
5 by the input/output means in order to read data from 
the corresponding zone and either no keycode or one or 
more of the first keycode and the additional keycode 
or keycodes as being required to be received by the 
input/output means in order to write data in the 

10 corresponding data zone. 

In the preferred embodiment of the IC information 
card there is provided a third means within the card 
responsive to a read command, a code specifying a 
particular one of the data zones from which data is to 

15 be read and any entered keycode or keycodes received 
by the input/output means for comparing any entered 
keycode or keycodes with any keycode or keycodes 
specified as being required to read data in the par- 
ticular data zone for providing data from the 

20 particular zone to the input/output means if the 
entered keycode or keycodes match the keycode or 
keycodes specified as being required to read data from 
the particular data zone or if no keycode is specified 
as being required to read data from the particular 

25 data zone. Also provided in the preferred embodiment 
is a fourth means within the card responsive to a 
write command, a code specifying a selected one of the 
data zones in which data is to be written, data is to 
be written in the selected zone and any entered 

30 keycode or keycodes received by the input/output means 
for comparing any entered keycode or keycodes with any 
keycode or keycodes specified as being required to 
write data in the selected data zone and for writing 
the received data in the selected data zone if the 

35 entered keycode or keycodes match the keycode or 

keycodes specified as being required to write data in 
the selected data zone or if no keycode is specified 
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as being required to write data in the selected data 
zone. 

Moreover, in the preferred embodiment of the IC 
information card data is stored in each data zone as 
5 successively located data records and each zone 

definition word further specifies the maximum number 
of data records that can be stored in the 
corresponding zone, the length of the data in each 
data record in the corresponding zone and a zone 

10 allocation area in the memory means for storing data 
indicative of the location of the next data record to 
be stored in the corresponding zone. Each data record 
stored in a data zone includes a checksum byte and a 
record status byte indicative of the validity of the 

15 data record. In addition, each zone definition word 
further specifies whether the data provided to the 
input/output means by the third means in response to a 
read command and a code specifying data to be read 
from the corresponding zone is only the last data 

20 record to be written in the corresponding zone or all 
data records that are stored in the corresponding zone 
in the order in which such data records are written in 
the corresponding zone. 

An additional feature of the preferred embodiment 

25 of the IC information card in accordance with the 

present invention is the "locking" of the card after a 
specified number of successive unsuccessful attempts 
to access the card. This feature is implemented in 
the following manner. The memory means further 

30 contains a plurality of successively ordered lock 

status words, including a first and a last lock status 
word, each lock status word having a predetermined 
number of successively ordered bit positions, 
including a first and a last bit position, each bit 

35 position of each lock status word being initially in a 
second binary state. Additionally, the card further 
comprises fifth means within the card responsive to a 
failure of an entered keycode to match a keycode 
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stored in the card, as a result of a keycode compari- 
son made by the first, second, third or fourth means, 
for writing a first binary state in the lowest order 
bit position that is in the second binary state of the 
5 lowest order lock status word in which the highest 

order bit position is in the second binary state. The 
fifth means is responsive to a match of an entered 
keycode with a keycode stored in the card occurring 
directly after a failure of an entered keycode to 

10 match a keycode stored in the card, as a result of a 
comparison made by the first, second, third or fourth 
means, for writing a first binary state in the highest 
order bit position of the lock status word in which a 
first binary state was written by the fifth means in 

15 response to the directly preceding failure of an 

entered keycode to match a keycode stored in the card. 
The card further comprises sixth means within the card 
responsive to a lock status word having all but its 
highest order bit position in the first binary state ' 

20 for placing the card in a locked state in which at 
least reading and writing access to the first and 
second regions of the memory are prevented. Lastly, 
the card includes seventh means within the card 
responsive to an unlock command and one or more 

25 entered keycodes for comparing the entered keycode or 
keycodes with preselected keycode or keycodes stored 
in the card and for writing a first binary state in 
the highest order bit position of the lock status word 
having all but the highest order bit position in the 

30 first binary state to release the card from the locked 
state, if the entered keycode or keycodes match the 
preselected keycode or keycodes. 

In the preferred embodiment of the IC information 
card in accordance with the invention, the first, 

35 second, third, fourth, fifth, sixth and seventh means 
are included in an appropriately programmed 
microprocessor operatively coupled to the input/output 
means, and the memory means includes a programmable 



WO 87/07060 



-9- 



PCT/US86/01722 



read-only memory operatively coupled to the 
microprocessor . 

The above-described IC information card in accor- 
dance with the invention is advantageously used in 
5 conjunction with two-card reader/writer means having a 
first and a second port for receiving a first and a 
second card, respectively, and for coupling to the 
input/output means thereof , coupling means for 
receiving at least commands , data and keycodes and for 

10 providing at least data, and reader/writer memory 

means. The reader/writer means further includes first 
means responsive to the coupling means receiving a 
command to read the second card, a code specifying a 
particular zone in the second card from which data is 

15 to be read and any keycode or keycodes to be entered 
in the first card, for providing to the input/output 
means of the first card one or more read commands 
together with a code or codes specifying the data zone 
or zones of the memory means of the first card where 

20 the keycode or keycodes required to read data in the 
particular zone of the second card are stored and any 
keycode or keycodes received by the coupling means. 
The first means then transfers such required keycode 
or keycodes to the reader/writer memory means if the 

25 keycode or keycodes received by the coupling means 
match the respective keycode or keycodes that are 
required to read the one or more data zones of the 
memory means of the first card or if no keycodes are 
required to read such data zones. Thereafter, the 

30 first means provides to the input/output means of the 
second card the read command, a code specifying the 
particular data zone and the keycode or keycodes for 
reading data in the particular zone transferred from 
the memory means of the first card to the 

35 reader/writer memory means and transfers any data 

provided by the input/output means of the second card 
to the reader/writer memory means. 
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The two-card reader/writer means also includes 
second means responsive to the coupling means 
receiving a command to write to the second card, a 
code specifying a selected zone in the second card in 
5 which data is to be written, data to be written in the * 
selected zone and any keycode or keycodes to be 

entered in the card for providing to the input/output - 
means of the first card one or more read commands 
together with a code or codes specifying the data zone 

10 or zones of the memory means of the first card where 
the keycode or keycodes required to write data in the 
selected zone of the second card are stored and any 
keycode or keycodes received by the coupling means. 
The second means then transfers such required keycode 

15 or keycodes to the reader/writer memory means if the 
keycode or keycodes received by the coupling means 
match the respective keycode or keycodes that are 
required to read the one or more data zones of the 
memory means of the first card or. if no keycodes are 

20 required to read such data zones. Thereafter, the 

second means provides to the input/output means of the 
second card the write command, a code specifying the 
selected zone, the data to be written in the selected 
zone and the keycode or keycodes required for writing 

25 data in the selected zone transferred from the memory 
means of the first card to the reader/writer memory. 

Thus in accordance with the present invention, by 
using the IC information card with two-card 
reader/writer means in the foregoing manner, 

30 dissemination of knowledge of the keycodes required to 
access the data zones of a card is avoided. In the 
preferred embodiment, the first card includes a data 
zone storing an identification code unique to that 
card. The identification code of the first card is 

35 read by the reader/writer means and stored in the 
reader/writer memory following initial insertion of 
the first card into the reader/writer means. The 
identification code in the first card is read again 
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and compared with the identification code stored in 
the reader/writer memory means prior to each read or 
write access of the second card. If the 
identification code which is read prior to an access 
5 of the second card fails to match the identification 
code stored in the reader/writer memory means, access 
of the second card is prevented • 

Further in accordance with the invention , the 
above-described IC information cards are initialized 

10 by a initialization system that includes input means 
for receiving one of the cards at a time to be 
initialized and for coupling to the input/output means 
of the card received thereby and initializer memory 
means for storing the first keycode, appropriate zone 

15 definition data and additional keycode or keycodes. 
In addition, the initialization system includes first 
initializer means for writing the zone definition data 
stored in the initializer memory means to the first 
region of the memory means of the card received by the 

20 input means using the first command, and the first 
keycode stored in the initializer memory means • 
Furthermore, the initialization system includes second 
initializer means for writing the additional keycode 
or keycodes stored in the initializer memory to the 

25 third region of the memory means of the card received 
by the input means using the second command, and 
the first keycode stored in the initializer memory 
means . 

The initialization system in accordance with the 
30 preferred embodiment of the invention is also used to 
load the data zones of the IC information card with 
appropriate data to suit a particular application. 
This is accomplished by providing the card with second 
memory means, such as a magnetic stripe, for storing a 
35 file identification code and the initialization system 
with means for reading the second memory, such as a 
magnetic stripe reader, for obtaining the file 
identification code of a card received by the input 
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means of the system. Additionally, the initialization 
system includes mass storage means for storing a 
multiplicity of data files each associated with a 
respective file identification number, each data file 
5 having a plurality of data segments corresponding to 
respective data zones of a card as defined by the zone 
definition data written into the card by the first 
initializer means. There is further included third 
initializer means responsive to the file 

10 identification code obtained by the means for reading 
the second memory means for searching the data files 
in the mass storage means for the data file associated 
with that file identification code. The 
initialization system further includes fourth 

15 initializer means for writing the segments of the 

associated data file into corresponding data zones of 
memory means of the card received by the input means 
using the write command and appropriate keycode or 
keycbdes, if any, required for writing data in each 

20 corresponding data zone. 

There is further provided according to the 
present invention a method for segmenting the data 
storage region of the IC card memory into a plurality 
of segments, each having assignable attributes 

25 including an assignable security level and a method 
for preventing the dissemination of knowledge of the 
access codes for an IC information card by storing 
such codes in a control card and using two card 
read/writer means. 

30 Numerous other advantages and objects will appear 

to those skilled in the art with reference to the 
following detailed description of the invention, the 
appended claims and the accompanying drawings. 
Brief Description of the Drawings 

35 Figure 1 is a block diagram of the IC information 

card system in accordance with the invention; 

Figure 2A is a plan view of the IC information 
card in accordance with the invention; 
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Figure 2B is an elevated cross-sectional view of 
the IC card of Figure 2A taken along line 2B-2B; 

Figure 3 is an electrical schematic diagram of 
the CPU and EPROM of the IC information card in 
5 accordance with the invention; 

Figure 4 illustrates the memory map of the memory 
in the IC information card in accordance with the 
invention; 

Figure 5 illustrates the record status byte of a 
10 data record; 

Figure 6 illustrates the security level 
definition portion of a zone definition word in the 
memory of the IC information card in accordance with 
the invention; 

15 Figure 7 shows a memory map depicting the test 

address , system and user areas , as well as the 
relationship between physical and logical addresses of 
the IC information card memory in accordance with the 
invention; 

20 Figure 8 shows a memory map depicting the 

security management area, the zone definition area and 
the data area of the IC information card memory in 
accordance with the invention; 

Figure 8A shows a memory map depicting the 

25 organization of a single data zone of the IC 
information card memory in accordance with the 
invention; 

Figure 9' is a flow chart showing the IC 
information card operation generally upon receiving a 
30 command from the reader/writer; 

Figure 10, is an block diagram of the IC 
information card reader/writer in accordance with the 
invention; 

Figure 11 is an schematic diagram of the inter- 
35 face circuit for the card transport unit for the IC 
information card reader/writer of Figure 10; 
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Figure 12 and Figure 13 together show the sche- 
matic diagram of the IC information card reader/writer 
of Figure 10; 

Figure 14 shows the memory map of the ROM and RAM 
5 of the IC information card reader/writer of Figure 10; 

Figure 15 shows in block diagram form the 
configuration of software for the IC information card 
system in accordance with the invention; 

Figure 16 shows a block diagram of the IC infor- 
10 mation card initializer system in accordance with the 
invention; 

Figure 17 shows a memory map depicting the 
general organization of a master card for the IC 
information card initializer in accordance with the 
15 invention; 

Figures 18 through 22 show flow diagrams repre- 
senting the initializer program flow in accordance 
with the invention; 

Figures 23 through 39 show the command protocols 
20 of the BIOS program of IC information card 

reader/writer in accordance with the invention; 

Figures 40A and 40B show flow diagrams 
representing the IC information card reader/writer 
application program process flow in accordance with 
25 the invention ; 

Figures 41 through 91B show the flow charts of 
the program of the microprocessor of the IC 
information card in accordance with the invention; and 

Figures 92 through 107B show the communication 
30 protocols for the commands of the program of the IC 
information card initializer in accordance with the 
invention. 

Detailed Description of the Preferred Embodiments 
As shown in Figure 1, the IC card system 100 
35 according to the invention comprises an IC card 10/ 
connected via its contacts 24 to corresponding 
contacts in a reader/writer (R/W) 14- The system also 
comprises a host computer 16 connected to the 
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reader/writer 14 by an electrical link 18 , which may 
comprise an RS-232C communications link. The host 
computer 16 may be an IBM Model XT. As will be 
described below, the reader/writer 14 has two 
5 receptacles or ports for receiving up to two IC cards 
10 simultaneously. The individual components of the 
system will now be described in more detail. 
IC CARD 

The IC card 10 , as shown in Figs. 2A and 2B is 

10 preferably the same general size as a conventional 

magnetic stripe credit card having a size 54 by 86 by 
0.76 mm. The IC card has a magnetic stripe 19 and 
contains a CPU 20 and nonvolatile memory in the form 
of a PROM or EPROM 22. Alternatively, a storage 

15 device such as an EEPROM, i.e. an electrically eras- 
able programmable read only memory , can be used as the 
storage device. The IC module comprising the CPU 20 
and EPROM 22 is enclosed in the card 10 using a 
between-layers lamination method known. to those 

20 skilled in the art. 

The IC module is electrically connectable to the 
reader/writer 14 by means of eight terminals CI 
through C8 as shown in Figure 2A. The card size as 
well as the electrical terminals CI through C8 are 

25 designed to comply with ISO (International 

Organization for Standardization) standards for IC 
cards. These standards provide essentially for eight 
terminals CI through C8 located and positioned in the 
arrangement shown in Figure 2A with the dimensions of 

30 each terminal being 2.0 by 3.9 mm and edge to edge 
vertical and horizontal spacings of 0.54 mm and 
7.62 mm/ respectively. The terminals CI through C8 
are adapted to engage corresponding contacts (not 
shown) in the reader/writer 14. 

35 Figure 3 shows in more detail the electrical con- 

nections between the terminals CI through C8, the CPU 
20 and the EPROM 22. The CPU may be a model 8049 8- 
bit microprocessor. The EPROM may be a model 2764 C 
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with a storage capacity of 64K bits, (i.e. 8K bytes). 
Electrical connections between the CPU 20 and EPROM 22 
include a control bus 26 comprising two lines, an 
address bus 28 comprising 13 lines, and a data bus 30 
5 comprising 8 lines. Although the particular 

embodiment shows CPU 20 and EPROM 22 as separate IC 
chips, it is to be understood that equivalents of 
those two components may be fabricated on a single IC 
chip. 

10 With respect to the CI through C8 and with refer- 

ence to Figure 3, terminal CI is designated VCC and 
provides the power (+5 volts) to the CPU and memory. 
Terminal C2 designated RST is the reset terminal of 
the CPU. Terminal C3 designated CLK is the clock 

15 terminal of the CPU. Terminal C5 designated GND is 
the ground. Terminal C6 designated VPP is the 
read/write power terminal of the EPROM (although in 
some embodiments the single 5 volt power source CI may 
accomplish this purpose). Terminal C7 designated I/O 

20 is the data input/output terminal for communicating 
data to and from the reader/writer. Terminals C4 and 
C8 are not presently used in the exemplary card. 
IC CARD MEMORY 

A unique feature of the present invention is in 

25 providing a user (data) memory area in the EPROM 22 of 
the card which can be selectively divided into a 
number of zones, each of which may be selectively 
accessed (for reading, writing or both) if a key or 
password code entered into the card by its user 

30 permits such access for that particular zone. 

The memory of the IC card will be described with 
reference to Figure 4 which shows the data area of an 
IC card memory being divided into a plurality of 
zones, which can be from 1 to 255 in number. Each 

35 zone is further divided into a zone allocation area 
and a number of records from 1 to 25 5. Each record 
is further divided into three segments, the first 
being the segment where the data are stored, the 
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second being a check byte and the third being a record 
status byte. The length of the records can be 
selectively defined by the user to be up to 253 bytes, 
so that the total size of the data record will be up 
5 to 255 bytes, with the check byte (CB) and record 
status byte (SB) included. 

The check byte (CB) is used to detect distorted 
data in a data record. When a data record is written, 
the IC card calculates a value using this data by, for 

10 example, a check summation using the complement of 2 
method, and writes this value into the check byte 
space. When a record is read, the IC card checks the 
integrity of the data by performing the same 
calculation and by comparing the calculated value to 

15 the value stored as the check byte. The record status 
byte (SB) is used for defining record attributes such 
as data validity and is read or written using the 
record 'status byte write-read commands of the IC card 
program. 

20 ZONE DEFINITION 

The attributes of each zone are defined by 
writing a zone definition table into the EPROM of the 
IC card. The following zone attributes may be defined 
for each zone: 

25 1) record length (number of bytes) 

2) number of records 

3) security level 

4) UPDATE/HISTORY. 

(a) Record Length 

30 The length of data per record is expressed as the 

number of bytes in the record. The shortest record 
permitted is one byte, and the longest record 
permitted is 253 bytes. 

(b) Number Of Records 

35 The number of records in each zone may range from 

1 up to 255. 
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(c) Security Level 

This attribute relates to the access level at the 
time of writing or reading a record. The IC card nor- 
mally requires one or two keycodes corresponding to 
5 the security level defined for a zone to be entered 
into the card before reading or writing of data in the 
zone is permitted. If a keycode stored in the IC card 
for a particular zone does not match the code entered 
from an external source (e.g./ an IC card 
10 reader/writer), data cannot be read or written in that 
zone. The security control functions of the IC card 
in accordance with the present invention will be 
explained in further detail hereinbelow. 

( d ) UPDATE/HI STORY 

15 This attribute relates to the mode of reading 

data from a zone. When a zone is defined as "UPDATE" , 
only the most recently written record in the zone is 
obtained when the zone is read. If a zone is defined 
as "HISTORY", all records in the zone are obtained in 

20 the sequence in which they were written when the zone 
is read. Whether to define a particular zone as an 
UPDATE zone or a HISTORY zone depends on the user 
application. 
DATA READ /WRITE 

25 (a) Data Write 

Data is written sequentially in a zone in units 
of records. For example, if in Zone No. N data has 
been written up to Record No. 1, additional data is 
written in Record No. 2. 

30 (b) Data read 

Data records are read out of only one zone at a 
time. The method of reading data records depends on 
whether the zone is defined as UPDATE or HISTORY. If 
the zone is defined as UPDATE, only the last written 

35 record in the zone is read. In the above example, 
Record No. 2, which was the last to be written, is 
read if zone No. N is defined as UPDATE. If the zone 
is defined as HISTORY, all records in the zone are 
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read in the sequence the records were written. In the 
above example, data is read from zone No. N in the 
sequence of Record No. 0, Record No, 1 and Record No. 
2 if that zone is defined as HISTORY. 
5 (c) Record Status Byte 

The configuration of record status byte is shown 
in Fig. 5. Each of the bits MO through M7 of the 
record status byte can be given a special meaning in 
the data record. The meaning of each bit must be 

10 defined in advance by the system application that uses 
the IC card. The M7 bit is normally used to indicate 
"record deletion" or "unnecessary record". The record 
status byte can be written or read by issuing an 
appropriate command to the IC card. 

15 KEY CODES (PASSWORD CODES ) 

This IC card needs a password code when writing 
or reading data in the card memory, in order to avoid 
unauthorized use of the card. The password code is 
not needed in applications that do not require 

20 security as will be described hereinbelow. 

There are the following four types of keys or 
password codes: 

1) Manufacturer's key (M-key) 8 bytes 

2) Personalization key (P-key) 8 bytes 
25 3) Organization key (O-key) 8 bytes 

4) PIN 4 bytes 

(a) Manufacturer's Key (M-Key) 

The M-key is defined in the mask program of the 
microprocessor of the IC card. Therefore, it cannot 

30 be read externally by any means. The M-key is a 

password code consisting of 8 bytes and is specified 
by the manufacturer prior to the manufacture of 
the IC. The M-key must be controlled by the 
manufacturer and the system user and should not be 

35 made known to the IC card user. The M-key is used 
only for internal diagnostic activities within the 
card. (The system user mentioned here means the party 
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who issues the initialized cards to user 
organizations. ) 

(b) Personalization Key (P-Key) 

The P-key is defined in the mask program of the 
5 microprocessor of the IC card. Therefore, it cannot 
be read externally by any means. The P-key is a 
password code consisting of 8 bytes and can be 
specified by the system user upon request prior to the 
manufacture of the IC card. The P-key must be 
10 controlled by the system user and should not be made 
known to the IC card user. The P-key is used on the 
following occasions: 

(1) to write an organization key; 

(2) to write a PIN key; 

15 (3) to write zone definition tables; and 

(4) when the system user uses a specific 
zone for himself. 

(c) Organization Key (0-Key) 

The O-key is a eight-byte password code that the 
20 system user can define after the card is manufactured. 
When combined with a PIN code, the O-key can provide 
an additional level of security for the card. 
Although the O-key can be used in a variety of ways 
depending on the application , it is normally used as a 
25 higher level key than the PIN key. The O-key is 
stored in the EPROM of the IC card. The O-key may 
also be used to write the PIN key in the EPROM. 

(d) PIN Key 

The PIN (Personal Identification Number) key is a 
30 four-byte password code that the system user can 

define after the card is manufactured. As in the case 
of the O-key, this key can also be used in a variety 
of ways by the application, but the common use of the 
PIN key is as a private password code of the IC card 
35 user. The PIN' key is also stored in the EPROM of the 
IC card. 
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SECURITY CONTROL FUNCTION 
(a) Security Level 

The security level of each zone is defined in the 
zone definition table. The term "security level" as 
5 used herein means the key or combination of keys among 
those defined (P-key, O-key and PIN) that are required 
to perform a read or a write operation in a particular 
zone. Reading and writing operations for a given zone 
may have different security levels. A 6-bit portion 
10 of a zone definition word used to define the security 
levels for reading and writing in a particular zone 
and the codes defining the various security levels in 
accordance with the invention are illustrated in 
Figure 6. 

15 The different levels of security that are 

available in the IC card according to the present 
invention and the key or keys necessary for each 
security level are summarized in Table A. 



TABLE A 



20 



25 



Security Level 
0 
1 
2 
3 
4 
5 
6 
7 



Necessary Keyfs) 
Access disabled 
PIN 
O-key 

PIN or O-key 

PIN and O-key 

P-key 

Undefined 

No key required 



30 



35 



(b) Card Lock 

As explained above, the IC card requires a 
password code or codes as defined by the zone 
definition table in order to read or write in a zone. 
If an entered key does not match a required key three 
times in succession, the card is "locked" or disabled 
from further use. The "lock" function applies to all 
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IC card operations (e.g./ writing of a Pin or O-key, 
reading or writing of a zone definition table, reading 
or writing of a record status byte, etc.) where a key 
is needed and is not limited only to the reading or 
5 writing of a data record, 
(c) Card Unlock 

Once locked, the card cannot be used. However, 
it can be made usable by issuing an "UNLOCK" command 
to the card. Before unlocking a card, it must be 

10 carefully determined whether the cause for locking the 
card was a simple error in memorizing a required key 
on the part of the card user or an attempt at an 
unauthorized access of the card. The O-key (or P-key) 
and the PIN key are both needed to unlock a card. The 

15 unlock function can only be performed up to 486 times 
on a single card. 
MEMORY MAP 

Figure 7 shows the memory map of an IC card 
according to the present invention. The card has an 
20 EPROM. The 64k-bit memory consists of the following 
three areas: 

1) test address; 

2) system area; and 

3) user area. 
25 (a) Test Address 

This is a physical address. Addresses 0, 1, 2, 
4, 8, 16, 32, 64, 128, 256, 512, 1024, 2048 and 4086 
are used for testing at the time of manufacturing or 
during use of the IC card. During such testing the 

30 data of 00H, 11H, 22H, 33H, 44H, 55H, 66H, 77H, 88H, 
99H, AAH, BBH, CCH and DDH are written sequentially 
into the test addresses. If the test data cannot be 
read or written correctly to each test address, a 
hardware failure is indicated. 

35 (b) System Area 

This area is used by the manufacturer of the card 
and is not in general available to either the system 
or card user. This area is used to check the card 



WO 87/07060 



-23- 



PCT/US86/01722 



function, to control the card and to extend the 
application. The size of this area is 119 bytes, 
(c) User Area 

This area stores user data and has a size of 8058 
5 bytes. This area is specially defined as "logical 
address" . 

Logical address = 0 - 8057 (1F79H) (1) 
Unless otherwise specified, the term "address" as used 
herein means a "logical address". 

10 IC CARD FORMATTING OR INITIALIZATION 

Prior to reading or writing a data record in the 
IC card memory, the memory must be formatted 
(initialized) to correspond to a particular 
application for the IC card system. The formatting of 

15 the IC card memory consists of the following two 
operations: 

1) writing of key codes; and 

2) writing' of a zone definition table. 

(a) Key Code Write 

20 The PIN key (4 bytes) and the O-key (8 bytes) 

must be written into the IC card memory. If the 
respective security levels of all zones are defined as 
"No Key Required", there is no need to write the PIN 
and O-key into the card. Once written in, the PIN key 

25 and the O-key cannot be changed. 

(b) Write Zone Definition Tables 

As described above, the zone definition 
attributes are as follows: 

1) record length; 
30 2) number of records; 

3) security level (for writing and 
reading); and 

4) UPDATE/HI STORY data record read mode. 
In addition to the above, the following additional 

35 zone definition attributes must also be defined: 

5) zone starting address; and 

6) number of allocation bytes 
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A zone definition word for each zone written into the 
IC card memory is 6-bytes in length containing codes 
representing the above six attributes. 

Figure 8 shows the memory map of an IC card at 
5 the time of zone definition. The security management 
area 705 of the IC card memory is used to store 
information for detecting unauthorized use of the 
card. The area 705 also includes three status bits 
which respectively indicate whether the PIN key and 

10 the O-key have been written and whether the zone 

definition area 706 has been closed. The PIN and CD- 
keys themselves are stored in memory area 705. 

The remainder of the security management area 705 
(243 bytes) is divided into 486 4-bit nibbles. These 

15 nibbles are used one at a time for recording 

unsuccessful attempts to access the IC card memory. 
Each time an entered key does not match a required 
key, the next successive nonzero bit of the current 
nibble being used to record unsuccessful access 

20 attempts is set to zero. When the three lowest order 
bits of the current nibble are all set to zero, the 
card is "locked". The card may be "unlocked" by 
setting the highest order bit of the current nibble to 
zero. An access in which the entered key matches the 

25 required key resets the count. If the current nibble 
has recorded any unsuccessful access attempts, all 
bits of the current nibble are set to zero. The 
unlocking or resetting of the card causes further 
unsuccessful attempts to be recorded in the next 

30 successive nibble. 

Figure 8A shows the memory map of an individual 
zone 707 as indicated on Figure 8. Each zone includes 
an allocation area 721, which is used to store 
information as to which records in the zone have been 

35 written. The bits within the allocation area 721 are 
used to keep track of the next available record to be 
written. The lowest order bit of the first byte of 
the zone allocation area 721 is set to zero when the 
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first record 725 of the zone is written. The next 
lowest order bit in the first byte of the zone 
allocation area 721. is set to zero when the second 
record 726 of the zone is written. The process 
5 continues as each successive record is written, 

setting a respective bit for each record, until the 
maximum number of records, as specified in the zone 
definition word 703 for that zone, is written. When 
the last allocated record 727 is written, no further 

10 records may be written to the zone 707, although the 
data in the zone may still be read. In the present 
exemplary embodiment the zone allocation area for each 
zone is located within the zone itself. However, in 
some instances it may be desirable to locate the zone 

15 allocation areas for all the zones together in a 
separate area of the card memory. 

The check byte (CB) 723 has already been 
discussed in connection with Pig. 4. The status byte 
(SB) 724 has already been discussed in connection with 

20 Figures 4 and 5. 

Up to 255 zones may be defined in the IC card 
memory. Since the starting address of a zone is 
stored in the zone definition word, there may be 
unused memory space between the end of the zone 

25 definition table area and the start of the first zone. 
A similar unused memory space may exist between two 
adjacent zones. 

(c) Zone size 

The size of Zone No. "n" (expressed as L(n)- 
30 number of bytes) is calculated using the following 
formula: 

L(n) = m(n) x (l(n) + 2) + m(n)/8 (2) 
where l(n) is the record length in number of bytes and 
m(n) is the number of records. Decimal fractions are 
35 rounded to the next higher integer. 

(d) Zone Address Calculation 

Assuming that the number of zones to define is M, 
that the same address is not used for two or more 
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places and that no unused memory space exists, the 
start address S(N) of the N-th zone is calculated as 
follows: 

N-l 

5 S(N ) = I L(n) + 6M + 256 (3) 

n=l 

The end address E(N) of the N-th zone is calculated as 
follows : 

N 

10 E(N ) = I L(n) + 6M + 255 (4) 

n=l 

From the above formulae, the last address E(M) of the 
IC card memory is calculated as follows: 

N 

15 E(M ) = I L(n) + 6M + 255 (5) 

n=l 

However, because of the limit on the IC card memory 
area the last address E(M) is as follows: 

E(M ) < 8057 (6) 

20 Because of the limit of available RAM buffer 

space, the product of record length and number of 
records in a zone may not exceed 2048. 

l(n) x m(n) < 2048 (800H) (7) 
IC CARD OPERATION 

25 Figure 9 is a flow diagram of the IC card opera- 

tion. In accordance with this flow chart, the IC card 
first receives a command from the reader/writer at 
801. The IC card then does a check at 803 to 
determine whether the command is supported by the 

30 card. If the command is not valid, an error code 
indicating such is produced at 804 and processing 
stops. However, if the command is valid, it is 
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executed at 805 , and the output as a result of command 
execution is provided at 806. 
COMMAND DESCRIPTION 

The IC card uses 15 commands which are classified 
5 into 8 different groups, namely, IC card hardware 

test, formatting, key write, zone read/write, records 
remaining to be written in a zone, record status 
management, and card program version information read. 
It should be understood that some commands require 

10 particular keys and parameters for their execution. 
The IC card commands in accordance with the present 
invention are listed in Table B herein. 
RESULT OF EXECUTIONS BY THE IC CARD (RESPONSES ) 

The IC card informs the reader/writer of the 

15 result of the execution of a command. If the command 
includes a read command, the data obtained through 
execution of the read command are included in the 
response provided to the reader/writer. The response 
indicating command execution by the IC card can 

20 take the form of one or more return codes. 
READER/WRITER COMPONENT 

The reader/writer 14 which is connected to the 
host computer 16 via a RS-232C communication link 18 
and which accepts one or two IC cards will now be 

25 described. Figure 10 is a block diagram of a 

reader/writer 14 showing two ports numbered 1 and 2 
(914 and 915) for receiving the IC information cards 
described above. The respective reader/writer ports 



WO 87/07060 



-28- 



PCT/US86/01722 



are connected to card interfaces (I/P) 902 and 901 
which are in turn connected via a data/address bus 903 
to other components in the reader/writer. Also 
connected to the card interfaces 902 and 901 are 
5 respective buzzers or sound transducers 904 and 905 , 
each of which may produce a different frequency , e.g. 
600 Hertz and 2400 Hertz, A RAM memory 906 of 8K 
bytes , ROM memories 907 and 907A having a total of 16K 
bytes , and a CPU 908 in the form of a Z80A 

10 microprocessor are also connected to the data/address 
bus 903. The RS-232C interface 909 is also connected 
to the data/address bus 903. The reader/writer 14 is 
provided with a power supply 910 which receives 90 to 
130 volts AC through a noise filter 911 and which 

15 supplies DC voltages of 5 volts, +12 volts and - 
12 volts. 

As part of the reader/writer ports 914 and 915, 
card transports are provided for transporting the 
cards into and out of the reader/writer ports. Such 

20 transports are commercially available from various 

manufacturers, such as the Toppan Moore Company, Ltd. 
of Tokyo, Japan. An electrical schematic diagram of 
the interface for such a card transport is shown in 
Figure 11. In the lower portion of the figure, the 

25 electrical connections provided to the terminals of 
the IC card are indicated. 

When an IC card is inserted into one of the 
read/write ports, a solenoid is activated and the 
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respective card is held in place within the 
reader/writer 14. At this time, the corresponding 
card insertion state LED 912 or 913 as shown in Figure 
10 is illuminated. When transactions involving the 
5 card are completed, the inserted card can be removed 
by pressing the card eject button 916 or 917 for the 
port in which the card is inserted. However, if the 
card eject button is pressed during IC card operation, 
i.e., while IC card operation indicator LED 918 or 919 

10 is lit, the card eject button will be inoperative. 
The card may also be ejected by a command issued by 
the host computer as will be described below. When 
the card is ejected, the card insertion state LED 912 
or 913 is extinguished. 

15 A more detailed schematic diagram of the reader/ 

writer in accordance with the invention is shown in 
Figures 12 and 13. / ; Figure 12 shows on the left the 
Z80A CPU unit 908 being connected on the upper left to 
a clock which drives one of its inputs. A reset 

20 circuit is also provided on the left of this figure, 
as well as connections to the power LED and the 
connection socket for the power supply. Shown on the 
upper right in Figure 12 are the ROMs 907 and 907A and 
the RAM 906, which are connected to the Z80A CPU 908 

25 by an address bus in the upper part of the figure and 
a data bus in the central part of the figure. A baud 
rate selection dip switch arrangement is shown in the 
bottom center portion of the figure, which also 
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provides square wave outputs to drive the respective 
buzzers. Also shown in the bottom portion of this 
figure is the RS-232C interface which is connected to 
the baud rate selection chip and to the cable 
5 connector to the RS-232C interface. 

Referring to Figure 13 , the card interface units 
901 and 902 are shown respectively in the right and 
left hand portions of the figure. Each of the 
interface units is connected to the data bus in the 

10 upper portion of the figure, and are connected to the 
various solenoid coils in the respective transport 
units of the reader/writer ports 914 and 915 via con- 
nection strips CN2 and CN3, respectively. The buzzer 
905 for the card I/Pl is connectable to terminals a 

15 and b in the bottom right portion of the figure, and 
the buzzer 904 for card I/F2 is connectable to 
terminals c and d in the bottom center of the figure. 

The reader/writer memory map is illustrated in 
Figure 14. This memory map shows the BIOS program 

20 area resident in a portion of the 8K byte area of ROM1 
907, and the buffer for the BIOS present in a portion 
of the 8K byte area of RAM 906. 
IC CARD SECURITY SYSTEM SOFTWARE 

Figure 15 shows the configuration of the software 

25 provided for the present IC card system in simple 
block form. As shown in this figure, the host 
computer 16 contains the host application program and 
the input/output (I/O) handler. The I/O handler of 
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the host communicates with the reader/writer 14 
through the BIOS program of the reader/writer. The 
reader/writer also has an application program. 
Communication with the IC card 10 is made through the 
5 BIOS program of the reader/writer as shown. The IC 
card 10 also has its own card program resident in its 
microprocessor memory. 

The host application program is prepared accord- 
ing to the particular business requirements of the IC 

10 card system user. The I/O handler of the host 
provides the basic input/output routine for 
communication between the host computer and 
reader/writer. The BIOS program is the input/output 
handler for. the IC card reader/writer and can perform 

15 input/output operations via the RS-232C link to the 

host computer , input/output operations to and from the 
IC cards , and other functions. Typical other 
functions include turning on and turning off of the 
internal buzzers 904 and 905 of the reader/writer, and 

20 checking whether a card is inserted or not inserted. 
The application program of the reader/writer is 
prepared according to the requirements of the system. 
The card program which is built into the CPU of the IC 
card during chip fabrication controls the configura- 

25 tion and access of the IC card and the card memory, as 
described above. 

The reader/writer is designed to facilitate the 
host computer in accessing the data stored in the IC 
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card in order to fully utilize the IC card functions. 
Commands issued by the host computer can be divided 
roughly into the following command types: 
reader/writer control commands , data record control 
5 commands , IC card issue commands (IC card format 
command)/ and security related commands* 
The reader/writer application program implements the 
reader/writer BIOS commands, which are listed in 
TABLE B herein. It should be understood that the host 

10 computer and the IC card reader/writer can be 
connected over a telecommunication link via a 
modem/acoustic coupler. 

The reader/writer application program in the pre- 
ferred embodiment incorporates a security plan which 

15 uses one of the two cards as the control card and the 
second as the application or user card. This approach 
increases the overall security of the system by 
avoiding the dissemination of knowledge of the keys 
required to access the various data zones of the IC 

20 card memory. For example r the O-key need not be known 
to any person, since it can be stored in the control 
card. Therefore, that key is not readily available to 
someone who wishes to make an unauthorized access 
attempt in the user card. Additionally, the two card 

25 approach eliminates the need for the entry of the 

access keys and other information by the system user. 

The reader/writer application program illustrated 
in Figure 40, operates as follows: After 
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initialization 4001, a unique field (serial number) is 
read from the control card and stored in the 
reader/writer for later comparisons, process 4003. 
Various keys may then be read from protected zones 
5 within the control card, e.g., O-key, PIN key and any 
additional user defined keys, using processes 4004 
through 4014, and stored within the reader/writer for 
later use in accessing the application or user card. 
It is noted that these keys may also be loaded into 

10 the reader/writer memory from the host computer. The 
commands from the host computer specify what kind(s) 
of key(s) are required for the specific operation. 
The reader/writer application program interprets the 
commands and by using the previously stored keys 

15 issues the BIOS commands necessary to accomplish the 
specified operation. The additional security features 
of the reader/writer application program come into 
play at this point. Prior to issuing a command to the 
user card which requires one or more keys, the 

20 reader/writer application program checks the control 
card serial number, at 4009 to make sure that the 
control card has not been changed. If it has been 
changed, the control card serial number and the 
applicable keys in the reader/writer are set to zero, 

25 and an error message is returned to the host computer. 
Under such conditions, the command to the user card is 
not carried out. The commands defined by the 
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reader/writer application program are listed in 
Table E. 

As shown in Figure 14 , the user's program area 
occupies memory locations 1000H to 1FFFH, or from 
5 100QH to 3FFFH if optional ROM2 is used. The memory 
location in the RAM area at addresses E00QH to EOFFH, 
i.e., 256 bytes, is used as a data buffer and as a 
stack for the BIOS program, leaving the RAM area from 
E100H to FFFFH as user memory. 

10 ISSUE SYSTEM COMPONENTS AND OPERATION 

The IC cards can be formatted (initialized) and 
personalized in a number of ways. The terms 
"formatting" and "initialization" both refer to the 
writing of the O-key, the zone definition table and, 

15 optionally, the PIN key in the IC card memory. The 
term "personalization" refers to the writing of 
appropriate data records in the data zones of the 
IC card memory. 

One aspect of the present invention is to format 

20 and personalize a large number of IC cards for a 

particular application on a mass production basis. To 
accomplish this, an arrangement as shown in Fig. 16 is 
used which comprises an initializer (I/Z) 50 used in 
conjunction with a host computer 16. The host 

25 computer in the preferred embodiment is an IBM-XT 
having a CRT, a keyboard, a printer, a 10 MB hard 
disk, and a one or more double floppy diskette drives. 
The initializer 50 and the host computer 16 are 



WO 87/07060 



-35- 



PCT/US86/01722 



connected to each other by a RS-232C communications 
link, 

In accordance with the personalization process, 
the respective data files to be loaded into the IC 
5 cards are stored on the hard disk or floppy diskette 
or some other mass storage medium and are accessed by 
way of a personal code for each personal data file 
stored in the mass storage medium. Each IC card to be 
personalized is provided with a magnetic stripe in 

10 accordance with the conventional format and is 
magnetically encoded with a personal code for 
addressing a corresponding personal data file in the 
mass storage medium. The magnetic encoding of the 
magnetic stripe. is carried out using conventional 

15 techniques preferably on the second track of the 
stripe in accordance with the ABA standard or JIS 
type I, or the first track in accordance with JIS 
type II. 

The initializer 50 has an input slot or an input 
20 hopper for accepting cards and a card handler for 
moving each card automatically through a magnetic 
stripe reader to electrical contacts in the 
initializer which make electrical contact to 
respective IC card contacts C1-C8. Each card is first 
25 initialized by writing the O-key, the zone definition 
table and, optionally, the PIN key in the card memory. 
Such initialization information and the P-key, which 
is required before the initialization information can 
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be written into the card memory, have been previously 
entered into the initializer and are stored in the 
initializer memory. The initialization information 
and the P-key are advantageously entered into the 
5 initializer by means of a master card/ as will be 
described in further detail herein below. 

Following initialization, if the card in the ini- 
tializer is to be personalized, the personal code on 
the magnetic stripe is read and transferred to the 

10 host computer. In response to receiving the personal 
code of the card, the computer addresses the 
corresponding personal data file in the mass storage 
medium and personalizes the card by writing the data 
in the file in previously defined zones of the IC card 

15 memory. The initialized and personalized cards are 
then ejected. 

In order to operate such a system, master cards 
52, one or more IC cards 10, and several data files 
must be prepared. There are four types of master 

20 cards 52, one for each operation of the initializer. 
All master cards are previously written with 
information necessary for the respective operation 
according to a predetermined format. The information 
written on the master cards includes a different 

25 identification code for each operation and a batch 
number which is necessary for issue control. Figure 
17 is a memory map of a master card 52. 
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The different operations of the IC card initial- 
izer include formatting, ( initialization) , 
personalization, unlocking, and formatting 
(initialization) with personalization, 
5 The files necessary for formatting and 

personalization include a Z.D.T. (zone definition 
table) data file and an index file. The Z.D.T. file 
is used for formatting or for formatting with 
personalization. If the Z.D.T. data is written in the 

10 master card, the Z.D.T. file need not be stored in the 
memory associated with the host computer. 

The index file is used for personalization or for 
formatting with personalization. The file contains 
the record length, the field configuration, and field 

15 number of the personal data file, the field number 
being used for the search. Also used for 
personalization or for formatting with personalization 
is a zone and field correspondence file in which the 
correspondence between the zone numbers in the card 

20 memory and the fields of the personal data file are 
defined. Lastly, a personal data file is used for 
personalization or for formatting and personalization. 
This file is prepared by the user of the system and 
consists of fixed length records not including a 

25 header and contains a field for record search. 

The host computer has a main program to carry out 
initialization (formatting) , personalization, 
unlocking or both initialization (formatting) and 
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personalization of an IC card. The Z.D.T. data file, 
the personal data files, the index file and the zone 
and field correspondence file must all be created 
before an IC card is initialized and personalized by 
5 the main program. The main program also needs a 

master card on which the required data is written in a 
certain format. 
MAIN PROGRAM 

Figure 18 is a flow chart showing the pre- 

10 operation portion of the main program. The program 
first asks the user whether the communication 
parameters of baud rate, parity, stop bit and byte 
length should be set to their default values of 9600, 
none, 2 and 8, respectively. If not, the user then is 

15 requested to input other values for these parameters. 
The pass word is then requested, and if the entered 
password is satisfactory, the date and time are 
displayed for verification by the user. If the date 
and time are not correct, the user should input "n" 

20 which causes the program to return the system to DOS 
to allow the correct date and time to be entered. 
Once this has been done and the program reinitiated, 
if needed, the system completes the pre-operation. 
Thereafter the screen displays five menu items of 

25 format, personalization, unlock, format with personal- 
ization, and end. The user selects which one of the 
five menu items he desires. The first four menu items 
are now described. 
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FORMATTING I INITIALIZATIONS 

Figure 19 shows the flow chart for the formatting 
program. When this menu item is selected, the master 
card is inserted by the user, and the PIN number for 
5 the master card is requested and entered by the user. 
If the inserted master card contains the ZDT data and 
the O-key (or a corresponding key for a different 
embodiment) such data and key are automatically read, 
and the master card is ejected. The program then asks 

10 the user to enter the number of cards which are to be 
formatted. If the inserted master card does not 
contain the ZDT data, the system reads the ZDT data 
file from the memory associated with the host 
computer. The file contents are then displayed and 

15 checked by the user. If the £ inserted master card does 
not contain the O-key data, this data is entered from 
the keyboard by the user. The master card processing 
is then complete, and the IC .cards to be formatted are 
then inserted into the initializer. Each time a card 

20 is formatted, the user is asked whether or not the 

formatting should continue for the remaining cards or 
whether the formatting should be terminated. When the 
desired number of cards have been formatted, the main 
program returns to the menu. 

25 PERSONALIZATION 

Figure 20 shows the flow diagram for the person- 
alization program. In accordance with this program, 
master card insertion is requested, and if the 
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inserted master card is found to be correct/ the entry 
of the PIN number for the master card is requested 
from the user. If the master card contains the O-key , 
the system automatically reads the key, and the master 
5 card is ejected. However, if the master card does not 
contain the O-key data, the user must enter this data 
via the keyboard. The system then reads the three 
files necessary for personalization, namely: the index 
file; the personal data file; and the zone and field 

10 correspondence file. After the system has read the 
contents of all the necessary files, it requests the 
insertion of cards to personalize. The cards inserted 
into the initializer at this point must have been 
previously formatted and have the appropriate magnetic 

15 data encoded ,on their magnetic stripes in order to 
allow the host computer to find the proper personal 
data file in the mass storage medium. 

The IC cards are then fed, one at a time, into 
the initializer. The initializer reads the magnetic 

20 stripe on each card to find the personal code and 

obtains the personal data file corresponding to that 
personal code from the mass storage medium and writes 
the personal data from the file into the IC card * 
memory. At this time the PIN key may also be written 

25 into the IC card. The PIN number may also be written 
into the IC card at a later time by the system user. 
After each card is personalized, the system requests 
whether further personalization of the remaining cards 
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should continue. Once all of the cards have been 
personalized or upon early termination of the 
personalization process, the main program returns to 
the menu, 
5 UNLOCK PROCESS 

Figure 21 shows the flow chart procedure for the 
unlock process. According to this process, the 
program asks the user to insert the master card and to 
input the PIN key for the master card. The O-key is 

10 then entered by the user from the keyboard of the host 
computer if the inserted master card does not contain 
this key. The master card is then removed and the IC 
cards to be unlocked are then inserted. The 
individual PIN keys associated with each card are then 

15 entered, and the system checks to see whether these 
PIN numbers are correct. After each card is unlocked 
(or if unlock is refused because of an improper PIN 
number), the card is ejected and the user has the 
option of continuing with further unlocking of the 

20 other cards or returning to the menu. 

FORMATING AN D PERSONALIZATION IN COMBINATION 

Figure 22 shows the flow chart for the formatting 
(initialization) with personalization in combination. 
This flow chart is essentially a combination of the 

25 individual steps from the formatting and 

personalization flow charts of Figures 19 and 20. 
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OUTPUT FILE 

An output file called XREPORT (wherein X may be 
replaced by F, P, U or C depending upon the type of 
operation carried out by the initializer, i.e., 
5 formatting, personalization, unlocking or formatting 
and personalization combined) is prepared during 
initializer operation. All errors made during the 
operation are recorded in a file called XERROR, 
wherein X may be replaced by F, P, U or C. All file 
10 contents can be checked using conventional file 
handling means. 

INITIALIZER COMMUNICATIONS SPECIFICATION 

All communications between the host computer and 
the initializer are carried in string format 

15 comprising two bytes indicating string length, one 

byte indicating the type of string, bytes of data and 
one final byte indicating the checksum. The string 
length is a two byte field indicating the length of 
the entire string excluding the checksum byte at the 

20 end of the string. (The order of the field is the 

least significant byte first and the most significant 
byte last.) There are four types of strings, namely, 
a command string (designated by 01), a data string 
(02) and information string (03) and a control string 

25 (04). The data can be any number of bytes needed 

corresponding to a string type. The checksum is the 
sum of all string data just before the checksum and is 
provided in two's complement format. 
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The command string format is essentially the same 
general format as indicated above, except that the 
data comprises a command code and parameters. The 
format for the data string is also essentially the 
5 same as described above, except that the data includes 
a field indicating the number of data elements and 
another field indicating the data length in bytes. 
The format for the information string is essentially 
the same as that described above, except that the 

10 string length is fixed at 5, and the data includes 

error type and error detail examples. The format for 
the control string is also generally the same as that 
described above, except that the string length is 
fixed at 4 and the control code is one of three types, 

15 namely, 01H indicating ACK, 02H indicating NAK, 03H 
indicating EOT. 

PROGRAM LISTING AND COMMAND CODES 

A print listing for the reader/writer basic 
input/output system (BIOS) in accordance with the 

20 invention is included in Appendix I. A listing of the 
BIOS commands is provided in Table C herein. Table D 
herein lists these commands and shows the information 
transferred between the reader/writer and IC card 
during command execution, as well as the string 

25 format. 

Figures 23 through 39 illustrate the command pro- 
tocols between the reader/writer and IC card, showing 
the direction and sequence of command, parameters, 
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return and error codes between the reader/writer and 
IC card. The commands illustrated in these figures 
correspond generally to many of the BIOS commands 
listed on Table C herein. 
5 A print listing of the reader/writer application 

program, in accordance with the present invention, is 
also included in Appendix I. The commands used in the 
reader/writer application program are shown in Table E 
herein, which also illustrates the protocol used with 

10 the commands. 

Figures 41 through 91B are flow charts of the 
IC card program, in accordance with the present 
invention. A print listing of the IC card program, in 
accordance with the invention, is included in Appendix 

15 I. 

Figures 92 through 108B illustrate the command 
protocol between the host computer and initializer 
(I/Z) during the initialization process. 

While a particular embodiment of an IC card 

20 security system has been shown and described, numerous 
variations and modifications will readily occur to 
those skilled in the art. The invention is not 
intended to be limited to the embodiment illustrated 
and described but is merely illustrative of the 

25 application of the principles of the invention, whose 
scope is pointed out in the appended claims. 
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TABLE B 



COMMAND 





CODE (hex} 


NEMONIC 


FUNCTION 


5 


21H 
23H 


PINWR 
OKEYWR 


PIN Code WRITE 
Organization KEY WRITE 




25H 
26H 
24H 


WRZDT 
CLZDA 
RDZDT 


WRiTE Zone Definition Table 
CLOSE Zone Definition Table Area 
READ Zone Definition Table 


10 


10H 
11H 
13H 


RDZONE 

WRZN 

WRZNWV 


READ RECORDS In a Zone 

WRITE RECORD onto a Zone 

WRITE RECORD onto a Zone with Verify 




15H 
14H 


STWR 
STRD 


Record Status Byte Mark 
Record Status Byte Read a Zone 




27H 


UNLOCK 


UNLOCK the locked Card 


15 


28H 


REMAIN 


READ Number of Remaining Records 




3 OH 
31H 


MTEST 
RTEST 


CARD TEST AT MANUFACTURING 
CARD READ TEST 



42H 



RDMPD 



READ MASK PROGRAM DATA (NAME) 
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TABLE C 



BIOS COMMAND LIST 
<BIHWT11C> 

COMMAND 



5 


CODE ( hex ) 


NEMONIC 


FUNCTION 




01H 


SELCR1 


Select Card reader #1 




02H 


SELCR2 


Select Card reader #2 




03H 


BZON 


Buzzer on 




04H 


BZOFF 


Buzzer off 


10 


05H 


SDIN 


RS-232C Data input 




06H 


SDOUT 


RS-232C Data output 




07H 


CDINCK 


Card in check 




08H 


INIT 


Initialize IC card reader/writer 




09H 


CEJCT 


Card eject 


15 


10H 


RDZN 


Read a zone 




11H 


WRZN 


Write a zone 




13H 


WRZNWV 


Write a zone with verify 




14H 


STRD 


Read record status byte 




15H 


STWR 


Write record status byte 


20 


21H 


PINWR 


Write Pin code 




23H 


OKEYWR 


Organization key write 




24H 


n T"^ M 

RDZDT 


Read Zone Definition Table 




n CTT 

<s Drl 


WRZDT 


Write Zone Definition Table 




26H 


CLZDA 


Close Zone Definition Table Area 


25 


27H 


UNLOCK 


security lock cancel 




28H 


REMAIN 


read remaining number of records 




3 OH 


MTEST 


Card test at manufacturing 




31H 


RTEST 


Card read test (test at using) 




42H 


RDMPD 


Read mask program data 


30 


note: command 


code and 


another parameter should be set to 




A-register and 


proper registers before BIOS call. 



J* 
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TABLE D 



COMMAND INPUT RETURN 





SELCRl 
fOlH) 


nothing 




nothing 












SELCR2 
f 02H1 


nothing 




nothing 












CDINCK 

(07m 


nothing 




A: return code 










10 


BZON 
(03H) 


nothing 




A: return code 












BZOFF 
(04H1 


nothing 




A: return code 










15 


INIT 
(08H) 


nothing 




A: return code 


Select reader #1. 
Only one time usa- 
ble at power on, 




CEJCT 
f 09H) 


nothing 




A: return code 










20 


SDIN 


<DE:buf f ei 


' address> 


A: return code 


DE 
+ 








C: number of input 


1 ASCII code 


CR 


LF 




(05H) 






bytes ( including 
CR, LF code) 


+ C bytes 




-> 


25 


SDOUT 


DE:buf f er 


address 


A: return code 


DE 
+ 










(06H) 


of output data 




1 ASCII code 


CR 


LF 




















ao 


PINWR 


HL: buffer 


address 




HL 
+ 








A: return code 


1 P-kevrO-kev 


Pint 


r 


(21H) 








8 ■> 4 


35 










HL 
+ 








OKEYWR 


HL: buffer 


address 


A: return code 


1 P-key 0- 


-kev 


1 




(23H) 








<«- 8 -f 


8 
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TABLE D (Cont'd) 



COMMAND INPUT 



RETURN 



HL 
+ 



5 WRZDT HL: buffer address 

(25H) Bizone number ( 01H~FFH) 



A: return code 



P-key I ZDT data I 



8 



HL 

1 

10 CLZDA HL:buffer address A: return code 1 P-key 

(26H) * 8 



15 



RDZDT 
(24H) 
Needs 
one of 
3 kevs 



B:zone number ( 01H~FFH) A: return code 
C:key type IX:buffer address 

(l:Pin,2:0-key,5:P-key) of read data 
HL: buffer address 

<IX: buffer address> 

for read data> 



INPUT 
HL 

i 

I KEY 1 
-*-4or 8-> 



RETURN 
IX 

i 



ZDT 1 
6 -»■ 



20 



25 



RDZN 
(10H) 



B:zone number ( 01H~FFH) A: return code 
C:key type D:Number of records [N] 

bit0~3:lst key type E:record length[L] 
bit4~7: 2nd key type IX: read data 
(C rea: I 7-2nd-4 I 3-lst-0 I ) buffer address 
type:lH Pin type 

2H 0-key,5H P-KEY 
FH No key 





HL* 


1st 


key 


30 




2nd 


kev 



<IX:buffer address 

for read data> 



No.l record 



check byte 
No. 2 record 
check byte 



No. [N] record 



check byte 



35 



2nd key type and 2nd key are not always necessary. 

(and for lowest security level the 1st key is not needed either). 





B,C,HL: 


IY* 




+ 




Same as RDZN command 




Data 




40 WRZN 


E:data length(L bytes) A: return code 




to be 


L 


(11H) 


IY: buffer address of 




written 




Write data 
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TABLE D (Cont'd) 



COMMAND INPUT 



RETURN 



B,C,HL,E,IY: 



WRZNWV 
5 (13H) 



A: return code 



Same as WRZN command 



10 



B , C , HL : 

STWR Same as RDZN command 
(15H) D:record No. (01H~FPH) A:return code 
E:bit No. (0-7) 



15 



20 



B,C,HL: A: return code IXn 

STRD Same as RDZN command D: number of records (N) 
(14H) <IX:buffer address IX:buffer address of 

for status bytes> status bytes 



status 
bytes 



N 



C:lst and 2nd key type 

lH:Pin 

2H: 0-key 

UNLOCK 5H; P-kev 

(27H) (C reg: I 7-2nd-4 I 3-lst-0 I ) 
Needs. 2 of HLrbuffer address 

3 keys of key 



HL-* 



A: return code 




25 B,C,HL: A:return code 

REMAIN Same as RDZN command D: number of records 
(28H) remaining a zone 



MTEST nothing A: return code (result) Mfr. use 

30 (30H) 



1st step : card memory blank check, 2nd step : test write and verify 
Test write means to write test data on test address (see below table) 
After MTEST command, card memory is like following: 



35 


Addr . 


(hex) 


0 


1 


2 


4 


8 


10 


20 


40 


80 


100 


200 


400 


800 


1000 




Data. 


(hex) 


00 


22 


22 


33 


44 


55 


66 


77 


88 


99 


AA 


BB 


CC 


DD 



RTEST nothing A: return code (result) Check test datas 

(31H) on test address 

40 
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TABLE D (Cont'd) 



COMMAND INPUT 



RETURN 



RDMPD <IX:buffer address for A: return code 
5 (42H) mask program data> 



mask program 
data 
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TABLE E 



Reader/Writer Application Program Commands 



COMMAND 



INPDT 



OUTPUT 



COMMENTS 



5 Read # Transactions 
left in Zone 
to write 



Key must be previously 
set for the card 
being accessed. 



10 



RM 
RMP 
RMO 
RMB 



Command 
Zone # 



Return Code 
# Records left 



RME 



15 



Command 
Key Type 
Key 
Zone # 



Return Code 
# Records left 



Key is not preset, 



20 Read Zone 

RN 
RP 
RO 

25 RB 



Command 
Zone # 



Return Code 
# of Records 
Record length 
Record #1 to 
Record #n 



Key must be previously 
set for the card 
being accessed • 



30 RE Command Key is not preset. 

Key Type 
Key 

Zone # 

Return Code 

35 # Records used 

Record length 
Record #1 to 
Record #n 
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TABLE E (Con't) 



Reader/Writer Application Program Commands 



COMMAND 



INPUT 



OUTPUT 



COMMENTS 



5 Write Zone 

WN 
WP 
WO 

.10 WB 



Command 
Zone # 
Data 



Key must be previously 
set for the card 
being accessed. 



Return Code 



WE 



15 



Command 
Key Type 
Key 
Zone # 
Data 



Key is not preset, 



Return Code 



Write Zone w/Verify Key must be previously 



20 set for the card 

VN Command being accessed. 

VP Zone # 

VO Data 

VB Return Code 



VE Command Key is not preset. 

Key Type 
Key 
Zone # 

30 Data 

Return Code 
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TABLE E (Con't) 



Reader/Writer Application Program Commands 



COMMAND 



INPUT 



OUTPUT 



COMMENTS 



5 Read Zone Definition 



10 



ZN 
ZP 

zo 

ZB 



Command 
Zone # 



Return Code 
Zone Definition 
Bytes 



Key must be previously 
set for the card 
being accessed. 



15 



20 



ZE 



Command 
Key Type 
Key 
Zone # 



Key is not preset. 



Return Code 
Zone Definition 
Bytes 



Card in Check 
CD 



Command 



R/W returns Error Code 
if Card not in 



Return Code 



25 



Select Card Module NO return code 

CI 

C2 Command 
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TABLE E (Con't) 



Reader/Writer Application Program Commands 



COMMAND 



INPUT 



OUTPUT 



COMMENTS 



5 Card Eject 
CE 



Command 



Return Code 



Eject Card from 

selected module 



10 Card Application 
Check 

CA 



15 



Command 



Return Code 
Application 
Info 



Application Type is in 
Zone 1 - No security 



20 



Get Key from Host 

GP Command 
GO Key 



Return Code 



Gets the key and 

stores it for later 
use - for the logged 
card 



Get Key from 
Control Card 

25 

GCP 
GCO 
GC1 
GC2 

30 GC3 
GC4 
GC5 



Command 



Return Code 



Gets the key and 

stores it for later 
use - for card one 
only 

Pin for control card 
must be previously , 
set (from host) 
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TABLE E (Con't) 



Reader/Writer Application Program Commands 



COMMAND 



INPUT 



OUTPUT 



COMMENTS 



5 Test the Card 
TR 



Command 



Return Code 



Simple read test 
routine 



10 Status Byte Read 

SR 

SRP 

SRO 

15 SRB 



Command 
Zone # 



Key must be previously 
set for the card 
being accessed. 



Return Code 
# of Records 
Stat byte #1 to 
Stat byte #n 



SRE 



20 



25 



Command 
Key Type 
Key 
Zone # 



Return Code 
# Records used 
Stat byte #1 to 
Stat byte #n 



Key is not preset. 



30 



Status Byte Write 

SWN 
SWP 
SWO 
SWB 



Command 
Zone # 
Record # 
Bit # (0-7) 



Key must be previously 
set for the card 
being accessed. 



Return Code 



35 
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TABLE E (Con't) 



Reader /Writer Application Program Commands 



COMMAND 



INPUT 



OUTPUT 



COMMENTS 



SWE 



Command 
Key Type 
Key 
Zone # 
Record # 
Bit # (0-7) 



Key is not preset, 



Return Code 



Report Version R/W 

VRS Command 



Returns the version of 
the EPROM in the R/W 



Version Info 



Unlocks card that has 
been locked by 
security 

PIN and 0-Key must be 
preset before use 



Unlock Locked Card 

UN Command 



Return Code 



Buzzer Control 

BN 
BP 



Command 



Return Code 



Turns buzzer on (BN) 
or off (BF) for 
logged Card Module 



Report Version Card 

DR Command 



Returns the version of 
the program in the 
Card 



Return Code 
Version Info 
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TABLE E (Con't) 



Reader/Writer Application Program Commands 



COMMAND 



INPUT 



OUTPUT 



COMMENTS 



5 Write PIN in Card 



Writes the PIN into 
the card for 
security use 



KP 



Command 

O-Key 

PIN (to be 



10 



written) Return Code 



GENERAL INFORMATION: 

All commands/ and parameters sent to the card r if any for the particular 
command/ are terminated by an ASCII Carriage Return - Line Peed pair of 
15 characters. Additionally/ all data transmissions from the R'eader/Writer 
are also terminated by an ASCII Carriage Return - Line Feed pair of 
characters. 

All commands which require a key to operate (unless there is a choice 
of keys available) require that the key be previously set for the R/W - 
20 either from the host or from the control card. The E (Either) option 
requires the key type and key be entered from the host program. 
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TABLE F 



Command codes are: 



00H: 


NOP 


01H: 


Card in 


02H: 


Card out 


03H: 


Write magnetic data 


04H: 


Read magnetic data 


05H: 


Contactor down 


06H: 


: Contactor up 


07H: 


: Write a zone 


08H< 


: Read a zone with data 


09H 


: Read a zone without data 


OAH 


: Formatting 


OBH 


: Unlock 


OCH 


: Check sensor 


ODH 


: On each output device 


OEH 


: Off each output device 


OFH 


: Transmit data 


10H 


: Write PIN 
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Claims 

An IC information card comprising: 

input/output means in the card for receiving 
at least data, commands and keycodes and for 
providing at least data; 

nonvolatile read/write memory means within 
the card, the memory means having a multiplicity 
of addressable bit storage locations; 

first means within the card responsive to a 
first command, zone definition data and an 
entered keycode received by the input/output 
means for comparing the entered keycode with a 
first keycode stored in the card and for writing 
the zone definition data in a first region of the 
memory means only if the received keycode matches 
the first keycode, the zone definition data 
comprising one or more zone definition words each 
corresponding to a respective data zone in a 
second region of the memory means, each zone 
definition word specifying at least the starting 
address of the corresponding data zone and the 
size of the corresponding data zone. 

An IC information card according to claim 1, 
wherein the card further comprises second means 
within the card responsive to a second command, 
keycode data comprising one or more additional 
keycodes and an entered keycode received by the 
input/output means for comparing the entered 
keycode with the first keycode and for writing 
the keycode data in a third region of the memory 
means only if the entered keycode matches the 
first keycode, and wherein each zone definition 
word further specifies either no keycode or one 
or more of the first keycode and the additional 
keycode or keycodes as being required to be 
received by the input/output means in order to 
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read data from the corresponding zone and either 
no keycode or one or more of the first keycode 
and the additional keycode or keycodes as 
being required to be received by the input/output 
means in order to write data in the corresponding 
data zone. 

An IC information card according to claim 2, 
wherein the card further comprises third means 
within the card responsive to the input/output 
means receiving a read command, a code specifying 
a particular one of the data zones from which 
data is to be read and any entered keycode or 
keycodes , for comparing any entered keycode or 
keycodes with any keycode or keycodes specified 
as being required to read data in the particular 
data zone and for providing data from the 
particular zone to the input/output means if the 
entered keycode or keycodes match the keycode or 
keycodes specified as being required to read data 
from the particular data zone or if no keycode is 
specified as being required to read data from the 
particular data zone, and wherein the card 
further comprises fourth means within the card 
responsive to the input/output means receiving a 
write command/ a code specifying a selected one 
of the data zones in which data is to be written , 
data to be written in the selected zone and any 
entered keycode or keycodes , for comparing any 
entered keycode or keycodes with any keycode or 
keycodes specified as being required to write 
data in the selected data zone and for writing 
the received data in the selected data zone if 
the entered keycode or keycodes match the keycode 
or keycodes specified as being required to write 
data in the selected data zone or if no keycode 
is specified as being required to write data in 
the selected data zone. 
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An IC information card according to claim 3, 
wherein data is stored in each data zone as 
successively located data records and each zone 
definition word further specifies the maximum 
number of data records that can be stored in the 
corresponding zone, the length of the data in 
each data record in the corresponding zone and a 
zone allocation area in the memory means for 
storing data indicative of the location of the 
next data record to be stored in the 
corresponding zone. 

An IC information card according to claim 4, 
wherein the zone allocation area is located in 
the corresponding zone and contains one or more 
successively ordered bit positions each 
associated with a respective data record position 
in the zone, each bit position of the zone allo- 
cation area containing a first or a second binary 
state depending upon whether or not the data 
record position associated with that bit position 
contains a data record, respectively, and wherein 
the fourth means is further responsive to the 
contents of the zone allocation area of the 
selected zone for writing a data record in the 
selected zone in the data record position therein 
that is associated with the lowest order bit 
position of the zone allocation area therein con- 
taining the second binary state and for writing a 
first binary state in that lowest order bit 
position containing the second binary state. 

An IC information card according to claim 4, 
wherein each data record stored in a data zone 
includes a checksum byte and a second status byte 
indicative of the validity of the data in the 
data record. 
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An IC information card according to claim 4, 
wherein each zone definition word further 
specifies whether the data provided to the 
input/output means by the third means in response 
to a read command and a code specifying data to 
be read from the corresponding zone is only the 
last data record to be written in the 
corresponding zone or all data records that are 
stored in the corresponding zone in the order in 
which such data records are written in the 
corresponding zone. 

An IC information card according to claim 3, 
wherein the third region of the memory means 
further contains a plurality of successively 
ordered lock status words , including a first and 
a last lock status word, each lock status word 
having a predetermined number of successively 
ordered bit positions, including a first and a 
last bit position,' each bit position of each lock 
status word being initially in a second binary 
state, and wherein the card further comprises 
fifth means within the card responsive to a 
failure of an entered keycode to match a keycode 
stored in the card, as a result of a keycode 
comparison made by the first, second, third or 
fourth means, for writing a first binary state in 
the lowest order bit position that is in the 
second binary state of the lowest order lock 
status word in which the highest order bit 
position is in the second binary state, the fifth 
means being responsive to a match of an entered 
keycode with a keycode stored in the card 
occurring directly after a failure of an entered 
keycode to match a keycode stored in the card, as 
a result of a comparison made by the first, 
second, third or fourth means, for writing a 
first binary state in the highest order bit 
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position of the lock status word in which a first 
binary state was written by the fifth means in 
response to the directly preceding failure of an 
entered keycode to match a keycode stored in the 
card, and wherein the card further comprises 
sixth means within the card responsive to a lock 
status word having all but its highest order bit 
position in the first binary state for placing 
the card in a locked state in which at least 
reading and writing access to the first and 
second regions of the memory means are prevented, 
and seventh means within the card responsive to 
an unlock command and one or more entered key- 
codes for comparing the entered keycode or 
keycodes with preselected keycode or keycodes 
stored in the card and for writing a first binary 
state in the highest order bit position of the 
lock status word having all but the highest order 
bit position in the first binary state to release 
the card from the locked state, if the entered 
keycode or keycodes match the preselected keycode 
or keycodes • 

An IC information card according to claim 8, 
wherein the first, second, third, fourth, fifth, 
sixth and seventh means are included in an 
appropriately programmed microprocessor 
operatively coupled to the input/output means and 
the memory means includes a programmable read- 
only memory operatively coupled to the 
microprocessor . 

An IC information card system comprising: 

a first and second IC information card each 
having : 

(a) input/output means in the card for 
receiving at least data, commands and keycodes 
and for providing at least data, 
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(b) means storing a first keycode, 

(c) nonvolatile memory means within 
the card having a first region for storing one or 
more keycodes and a second region segmented into 

5 a plurality of data zones , each one of the data 

zones being defined to require either no keycode 
or a specified one or more of the first keycode 
and the keycode or keycodes stored in the first 
region to be entered into the card in order to 

10 read data in that data zone and to require either 

no keycode or a specified one or more of the 
first keycode and the keycode or keycodes stored 
in the first region to be entered into the card 
in order to write data in that data zone, 

15 (d) first means within the card 

responsive to the input/output means receiving a 
read command, a code specifying a particular one 
of the data zones in which data is to be read and 
any entered keycode or keycodes , for comparing 

20 any entered keycode or keycodes with any keycode 

or keycodes specified as being required to read 
data in the particular data zone and for 
providing data from the particular zone to the 
input/output means if the entered keycode or 

25 keycodes match the keycode or keycodes specified 

as being required to read data in the particular 
data zone or if no keycode is specified as being 
required to read data from the particular data 
zone, and 

30 (e) second means within the card 

responsive to the input/output means receiving a 
write command/ a code specifying a selected one 
of the data zones in which data is to be written, 
data to be written into the selected zone and any 

35 entered keycode or keycodes, for comparing any 

entered keycode or keycodes with any keycode or 
keycodes specified as being required to write 
data in the selected data zone and for writing 
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the received data in the selected zone if the 
entered keycode or keycodes match the keycode or 
keycodes specified as being required to write 
data in the selected data zone or if no keycode 
is specified as being required to write data in 
the selected zone, wherein the memory means of 
the first card includes one or more data zones 
each storing a respective one or a combination of 
the first keycode and the keycode or keycodes 
stored in the first region of the memory means of 
the second card; and 

IC card reader/writer means having: 

(a) a first and a second port for 
receiving the first and second cards, 
respectively, and for coupling to the 
input/output means thereof, 

(b) coupling means for receiving at 
least commands, data and keycodes and for 
providing at least data, 

(c) reader/writer memory means, 

(d) first means responsive to the 
coupling means receiving a command to read 
the second card, a code specifying a 
particular zone in the second card in which 
data is to be read and any keycode or 
keycodes to be entered in the first card, 
for providing to the input/output means of 
the first card one or more read commands 
together with a code or codes specifying the 
data zone or zones of the memory means of 
the first card where the keycode or keycodes 
required to read data in the particular zone 
of the second card are stored and any 
keycode or keycodes received by the coupling 
means, for transferring such required 
keycode or keycodes to the reader/writer 
memory means if the keycode or keycodes 
received by the coupling means match the 
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respective keycode or keycodes that are 
required to read the one or more data zones 
of the memory means of the first card or if 
no keycodes are required to read such data 
zones, for providing to the input/output 
means of the second card the read command , a 
code specifying the particular data zone and 
the keycode or keycodes for reading data in 
the particular zone transferred from the 
memory means of the first card to the 
reader/writer memory means , and for trans- 
ferring any data provided by the 
input/output means of the second card to the 
reader/writer memory means , and 

(e) second means responsive to the 
coupling means receiving a command to write 
to the second card/ a code specifying a 
selected zone in the second card in which 
data is to be written; data to be written in 
the selected zone and any keycode or 
keycodes to be entered in the first card for 
providing to the input/output means of the 
first card one or more read commands 
together with a code or codes specifying the 
data zone or zones of the memory means of 
the first card where the keycode or keycodes 
required to write data in the selected zone 
of the second card are stored and any 
keycode or keycodes received by the coupling 
means , for transferring such required 
keycode or keycodes to the reader/writer 
memory means if the keycode or keycodes 
received by the coupling means match the 
respective keycode or keycodes that are 
required to read the one or more data zones 
of the memory means of the first card or if 
no keycodes are required to read such data 
zones , and for providing to the input/output 
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means of the second card the write command, 
a code specifying the selected zone, the 
data to be written in the selected zone and 
the keycode or keycodes required for 
writing data in the selected zone 
transferred from the memory means of the 
first card to the reader/writer memory. 

IC information card system according to claim 10, 
wherein the memory means of the first card 
includes a first data zone containing an 
identification code for the card and wherein the 
reader/writer means further comprises third means 
for reading the first zone of the memory means of 
the first card following initial coupling of the 
first card to the reader/writer means and 
transferring the identification code therein to 
the reader/writer memory means and for reading 
the first zone of the memory means of the first 
card each time the coupling means receives a 
command to read the second card or command to 
write to the second card and comparing the con- 
tents read therein with the identification code 
stored in the reader/writer memory means, the 
third means preventing at least reading and 
writing of the memory means of the second card if 
the contents of the first data zone of the memory 
means of the first card fails to match the 
identification code stored in the reader/writer 
memory means. 

An initialization system for IC information cards 
each including first means within the card 
responsive to a first command, zone definition 
data and an entered keycode received by the 
input/output means for comparing the entered 
keycode with a first keycode stored in the card 
for writing the zone definition data in a first 
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region of the memory means only if the received 
keycode matches the first keycode, the zone 
definition data comprising one or more zone 
definition words each corresponding to a 
5 respective data zone in a second region of the 

memory means , each zone definition word 
specifying at least the starting address of the 
corresponding data zone and the size of the 
corresponding data zone, and second means within 

10 the card responsive to a second command, keycode 

data comprising one or more additional keycodes 
and an entered keycode received by the 
input/output means for comparing the entered 
keycode with the first keycode and for writing 

15 the keycode data in a third region of the memory 

means only if the entered keycode matches the 
first keycode, and wherein each zone definition 
word further specifies that either no keycode or 
one or f more of the first keycode and the 

20 additional keycode or keycodes are required to be 

received by the input/output means in order to 
read data from the corresponding zone and either 
no keycode or one or more of the first keycode 
and the additional keycode or keycodes are 

25 required to be received by the input/output means 

in order to write data in the corresponding data 
zone, the system comprising: 

input means for receiving one of the 
cards at a time to be initialized and for 

30 coupling to the input/output means of the card 

received thereby; 

initializer memory means for storing the 
first keycode, appropriate zone definition data 
and additional keycode or keycodes; 

35 first initializer means for writing the zone 

definition data stored in the initializer memory 
means to the first region of the memory means of 
the card received by the input means using the 
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first command, and the first keycode stored in 
the initializer memory means; and 

second initializer means for writing the 
additional keycode or keycodes stored in the 
initializer memory to the third region of the 
memory means of the card received by the input 
means using the second command, and the first 
keycode stored in the initializer memory means • 

An IC information card initializer system 
according to claim 12, wherein the first keycode, 
the zone definition data and the additional 
keycodes are stored in a master card which is 
received by the input means before receiving the 
first one of the cards to be initialized and the 
system further comprises third initializer means 
for transferring the first keycode, the zone 
definition data and the additional keycode or 
keycodes from the master card to the initializer 
memory means. 

An IC information card initialization system 
according to claim 12, wherein the system further 
comprises automatic feeder means for receiving a 
multiplicity of the cards to be initialized and 
for feeding the cards one at a time to the input 
means and automatic receiving means for receiving 
a card after the zone definition data and the 
additional keycode or keycodes have been written 
into the memory means thereof. 

An IC information card initialization system 
according to claim 12, wherein the card further 
includes third means within the card responsive 
to a write command, a code specifying a selected 
one of the data zones in which data is to be 
written, data to be written in the selected zone 
and any entered keycode or keycodes received by 
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the input/output means for comparing any entered 
keycode or keycodes with any keycode or keycodes 
specified as being required to write data in the 
selected data zone and for writing the received 
data in the selected data zone if the entered 
keycode or keycodes match the keycode or keycodes 
specified as being required to write data in the 
selected data zone or if no keycode is specified 
as being required to write data in the selected 
data zone, and second memory means for storing a 
file identification code, and wherein the system 
further comprises : 

means for reading the second memory means 
for obtaining the file identification code of a 
card received by the input means; 

mass storage means for storing a 
multiplicity of data files each associated with a 
respective file identification number, each data 
file having a plurality of data segments 
corresponding to respective data zones of a card 
as defined by the zone definition data written 
into the card by the first initializer means; 

third initializer means responsive to the 
file identification code obtained by the means 
for reading the second memory means for searching 
the data files in the mass storage means for the 
data file associated with that file identi- 
fication code; and 

fourth initializer means for writing the 
segments of the associated data file into 
corresponding data zones of memory means of the 
card received by the input means using the write 
command and appropriate keycode or keycodes, if 
any, required for writing data in each 
corresponding data zone. 

Art IC information card initialization system 
according to claim 15 wherein the second memory 
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means of the card is a magnetic stripe on the 
card and the means for reading the second memory 
means is a magnetic stripe reader. 

In an IC information card containing a non- 
volatile memory means having a multiplicity of 
addressable bit storage locations, a method for 
segmenting a data storage region of the memory 
means into a plurality of data zones, each having 
assignable attributes including an assignable 
security access level, the method comprising the 
steps of: 

defining first, second and third regions in 
the memory means, the third region being the data 
storage region; 

requiring the entry in the card of at least 
a first keycode for writing in the first and 
second regions of the memory means; 

writing one or more keycodes in the first 
region of the memory means by entering the first 
keycode and any additional required keycodes; and 

writing zone definition data in the second 
region of the memory means by entering the first 
keycode and any additional keycodes, the zone 
definition data comprising one or more zone 
definition words each corresponding to a 
respective data zone in the third region of the 
memory means, each zone definition word 
specifying at least the starting address of the 
corresponding zone, the size of the corresponding 
zone and whether no keycode or one or more of the 
first keycode and the keycode or keycodes in the 
first region are required to be entered in the 
card to read data in the corresponding data zone 
and whether no keycode or one or more of the 
first keycode and the keycode or keycodes in the 
first region are required to be entered in the 
card to write data in the corresponding zone. 
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The method according to claim 17 wherein data is 
stored in each data zone as successively located 
data records and each zone definition word 
further specifies the maximum number of data 
records that can be stored in the corresponding 
zone, the length of the data in each data record 
in the corresponding zone and a zone allocation 
area in the memory means for storing data 
indicative of the location of the next data 
record to be stored in the corresponding zone. 

In an IC information card containing a non- 
volatile memory means having one or more data 
zones each requiring the entry in card of a 
respective keycode or combination of keycodes for 
reading data in the data zone and a respective 
keycode or combination of keycodes for writing 
data in the data zone, a method for' preventing 
the dissemination of knowledge of the respective 
keycode or keycodes required for reading or 
writing in the data zones of the card comprising 
the steps of: 

storing the respective keycode or keycodes 
required for reading or writing in the data zones 
of the memory means of the card in a separate 
control card; and 

transferring by two card reader/writer means 
any required keycode or keycodes from the control 
card to the card when reading or writing of a 
selected one of the data zones in the memory 
means of the card is to be carried out. 
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